Summary of Security Items from March 16 through March 22, 2006
The US-CERT Cyber Security Bulletin provides a summary of new and updated vulnerabilities, exploits, trends, and malicious code that have recently been openly reported. Information in the Cyber Security Bulletin is a compilation of open source and US-CERT vulnerability information. As such, the Cyber Security Bulletin includes information published by sources outside of US-CERT and should not be considered the result of US-CERT analysis or as an official report of US-CERT. Although this information does reflect open source reports, it is not an official description and should be used for informational purposes only. The intention of the Cyber Security Bulletin is to serve as a comprehensive directory of pertinent vulnerability reports, providing brief summaries and additional sources for further investigation.
The tables below summarize vulnerabilities that have been reported by various open source organizations or presented in newsgroups and on web sites. Items in bold designate updates that have been made to past entries. Entries are grouped by the operating system on which the reported software operates, and vulnerabilities which affect both Windows and Unix/ Linux Operating Systems are included in the Multiple Operating Systems table. Note, entries in each table are not necessarily vulnerabilities in that operating system, but vulnerabilities in software which operate on some version of that operating system.
Entries may contain additional US-CERT sponsored information, including Common Vulnerabilities and Exposures (CVE) numbers, National Vulnerability Database (NVD) links, Common Vulnerability Scoring System (CVSS) values, Open Vulnerability and Assessment Language (OVAL) definitions, or links to US-CERT Vulnerability Notes. Metrics, values, and information included in the Cyber Security Bulletin which has been provided by other US-CERT sponsored programs, is prepared, managed, and contributed by those respective programs. CVSS values are managed and provided by the US-CERT/ NIST National Vulnerability Database. Links are also provided to patches and workarounds that have been provided by the product’s vendor.
The Risk levels are defined below:
High - Vulnerabilities will be labeled “High” severity if they have a CVSS base score of 7.0-10.0.
Medium - Vulnerabilities will be labeled “Medium” severity if they have a base CVSS score of 4.0-6.9.
Low - Vulnerabilities will be labeled “Low” severity if they have a CVSS base score of 0.0-3.9.
Note that scores provided prior to 11/9/2005 are approximated from only partially available CVSS metric data. Such scores are marked as "Approximated" within NVD. In particular, the following CVSS metrics are only partially available for these vulnerabilities and NVD assumes certain values based on an approximation algorithm: AccessComplexity, Authentication, ConfImpact of 'partial', IntegImpact of 'partial', AvailImpact of 'partial', and the impact biases.
Windows Operating Systems Only
Vendor & Software Name
Description
Common Name
CVSS
Resources
ASPPortal 3.1.1
A vulnerability has been reported in ASPPortal that could let remote malicious users perform SQL injection.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script has been published.
Mercur Messaging Standard 5.0 SP3, Lite 5.0 SP3, Enterprise 5.0 SP3
A buffer overflow vulnerability has been reported in Mercur Messaging that could let remote malicious users cause a Denial of Service or arbitrary code execution.
No workaround or patch available at time of publishing.
Proof of Concept exploit scripts, mercur.cpp and Mercur-5.0.c, have been published.
Mercur Messaging Denial of Service or Arbitrary Code Execution
A vulnerability has been reported in avast! Antivirus, insecure default permissions, that could let local malicious users bypass security restrictions.
No workaround or patch available at time of publishing.
Security Tracker, Alert ID: 1015788, March 20, 2006
MailEnable Standard Edition 1.91 and 1.92, Professional Edition 1.72 and prior, Enterprise Edition 1.2
Multiple buffer overflow vulnerabilities have been reported in MailEnable, Webmail and POP3, that could let remote malicious user cause a Denial of Service or execute arbitrary code.
An unspecified vulnerability has been reported in Internet Explorer that could let remote malicious users execute arbitrary code, HTA applications.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for these vulnerabilities.
Microsoft Internet Explorer Arbitrary Code Execution
Not Available
Security Tracker, Alert ID: 1015800, March 21, 2006
Microsoft
Internet Explorer 6.0.2900.2180
A buffer overflow vulnerability has been reported in Internet Explorer that could let remote malicious users cause a Denial of Service or execute arbitrary code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit script has been published.
Microsoft, Security Bulletin MS06-011, March 14, 2006
Microsoft, Security Bulletin MS06-011 V1.1, March 17, 2006
TrendMicro
PC-cillin Internet Security 14.00.1485, 14.10.0.1023
A vulnerability has been reported in PC-cillin Internet Security, insecure default directory permissions, that could let local malicious users obtain elevated privileges.
No workaround or patch available at time of publishing.
There is no exploit code required.
PC-cillin Internet Security Privilege Elevation
Not Available
Secunia, Advisory: SA19282, March 22, 2006
Veritas
Backup Exec for Windows Servers 9.1, 10.0, 10.1
A vulnerability has been reported in Backup Exec for Windows Servers that could let remote malicious users cause a Denial of Service or arbitrary code execution.
A directory traversal vulnerability has been reported in WinHKI, RAR, TAR, ZIP and TAR.GZ archive handling, that could let remote malicious users obtain unauthorized system access.
No workaround or patch available at time of publishing.
Multiple vulnerabilities have been reported: a vulnerability was reported in JavaScript because in certain circumstances because it is possible to bypass the same-origin policy; a buffer overflow vulnerability was reported in Mail due to a boundary error, which could let a remote malicious user execute arbitrary code; and a vulnerability was reported in Safari/LaunchServices due to an error which could lead to the execution of a malicious file.
A vulnerability has been reported in the 'beagle-status' script because the 'beagle-info' script runs insecurely, which could let a malicious user execute arbitrary commands.
Fedora Update Notification,
FEDORA-2006-188, March 21, 2006
Crossfire
Crossfire 1.9 , 1.8
A buffer overflow vulnerability has been reported in 'request.c' due to an error in the 'SetUp()' function when handling the 'setup' command, which could let a remote malicious user cause a Denial of Service and potentially execute arbitrary code.
Debian Security Advisory,
DSA-1009-1, March 20, 2006
Daniel Stenberg
curl 7.12-7.15, 7.11.2
A buffer overflow vulnerability has been reported due to insufficient bounds checks on user-supplied data before using in a finite sized buffer, which could let a local/remote malicious user execute arbitrary code.
A vulnerability has been reported in 'log.c' due to the insecure creation of the log file, which could let a remote malicious user overwrite sensitive data or configuration files.
Debian Security Advisory
DSA-1013-1, March 22, 2006
Debian
libcgi-session-perl 4.03-1
Multiple vulnerabilities have been reported in the libcgi-session-perl package due to the insecure creation of temporary files, which could let a remote/local malicious user overwrite files or obtain sensitive information.
No workaround or patch available at time of publishing.
An information disclosure vulnerability has been reported because sensitive information is improperly stored in world-readable files, which could let a malicious user obtain sensitive information.
The vulnerability will reportedly be fixed in version 4.0.14-9 of the shadow package.
There is no exploit code required.
Debian GNU/Linux Information Disclosure
Not Available
Security Focus, Bugtraq ID: 17122, March 15, 2006
Free
RADIUS
FreeRADIUS 1.0-1.0.5
A vulnerability has been reported in the EAP-MSCHAPv2 state machine due to an error, which could let a malicious user bypass authentication and cause a Denial of Service.
A vulnerability has been reported in the IPsec implementation due to the improper handling of sequence numbers, which could let a remote malicious user replay IPsec traffic.
FreeBSD Security Advisory, FreeBSD-SA-06:12, March 22, 2006
GlFtpd
glFTPd prior to 2.01 RC5
A vulnerability has been reported in the IP address checking due to an error, which could let a remote malicious user bypass certain security restrictions.
A buffer overflow vulnerability has been reported which could lead to a Denial of Service when processing messages that contain inline XML file attachments with excessively long strings.
Security Focus, Bugtraq ID: 16408, January 30, 2006
Mandriva Linux Security Advisory, MDKSA-2006:057, March 20, 2006
GNU
GNU Privacy Guard prior to 1.4.2.2.
A vulnerability has been reported caused due to an error in the detection of unsigned data, which could let a remote malicious user inject arbitrary data and bypass verification.
Debian Security Advisory, DSA 993-1, March 10, 2006
Gentoo Linux Security Advisory, GLSA 200603-08, March 10, 2006
SUSE Security Announcement, SUSE-SA:2006:014, March 10, 2006
Slackware Security Advisory, SSA:2006-072-02, March 13, 2006
RedHat Security Advisory, RHSA-2006:0266-8, March 15, 2006
Ubuntu Security Notice, USN-264-1, March 13, 2006
Trustix Secure Linux Security Advisory #2006-0014, March 20, 2006
Hewlett Packard Company
HP-UX B.11.23, B.11.11, B.11.00
A vulnerability has been reported in the 'usermod' command when handling the '-u' and '-m' commandline options, which could let a malicious user obtain unauthorized access.
Cross-Site Scripting vulnerabilities have been reported when processing emails due to an input validation error, which could let a remote malicious user execute arbitrary HTML and script code.
A vulnerability has been reported due to a flaw in its creation of IVs (Initialization Vectors) for ciphers with a blocksize larger than 8 when the RandonIV-style header is used, which could let a remote malicious user bypass security restrictions.
Debian Security Advisory,
DSA-996-1, March 13, 2006
Gentoo Linux Security Advisory, GLSA 200603-15, March 17, 2006
Metamail
Metamail 2.7
A buffer overflow vulnerability has been reported when handling boundary headers within email messages, which could let a remote malicious user execute arbitrary code. Note: According to Security Tracker this is a Linux/Unix vulnerability. Previously classified as multiple operating systems.
A vulnerability has been reported in 'uidgid.h' due to an integer type definition error, which could let a remote/local malicious user obtain elevated privileges.
Security Focus, Bugtraq ID: 14792, September 9, 2005
Ubuntu Security Notice, USN-178-1, September 09, 2005
Mandriva Linux Security Update Advisory, MDKSA-2005:171, October 3, 2005
RedHat Security Advisory, RHSA-2005:514-46, October 5, 2005
Mandriva Linux Security Advisory, MDKSA-2005:219, November 30, 2005
Debian Security Advisory, DSA 921-1, December 14, 2005
RedHat Security Advisory, RHSA-2006-0144, March 16, 2006
Multiple Vendors
Linux kernel 2.6-2.6.16
Several vulnerabilities have been reported: a buffer overflow vulnerability was reported in the 'do_replace()' function in Netfilter, which could let a remote malicious user execute arbitrary code; and a buffer overflow vulnerability was reported in 'drivers/usb/gadget/mdis.c' when handling a NDIS response to 'OID_GEN_SUPPORTED
_LIST,' which could lead to the corruption of kernel memory.
A vulnerability has been reported due to the insecure creation of temporary files when logging is enabled, which could let a malicious user cause a Denial of Service or overwrite files.
Ubuntu Security Notice, USN-219-1, November 22, 2005
Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005
Debian Security Advisory, DSA 922-1, December 14, 2005
Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006
RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006
RedHat Security Advisory, RHSA-2006-0144, March 16, 2006
Multiple Vendors
X.org 1.0.0 & later, X11R6.9.0, X11R7.0 ; Sun Solaris 10.0 _x86;
SuSE Linux Professional 10.0 OSS, Linux Personal 10.0 OSS;
RedHat Fedora Core5;
MandrakeSoft Linux Mandrake 2006.0 x86_64, 2006.0
A vulnerability has been reported due to an error when checking a user's privileges because the address of the 'geteuid()' function is tested and not the result of the function, which could let a malicious user bypass security restrictions.
Sun(sm) Alert Notification
Sun Alert ID: 102252, March 20, 2006
Mandriva Linux Security Advisory, MDKSA-2006:056, March 20, 2006
SUSE Security Announcement, SUSE-SA:2006:016, March 21, 2006
Multiple Vendors
Zoo 2.10;
Gentoo Linux
A buffer overflow vulnerability has been reported in 'parse.c' due to a boundary error in the 'parse' function when creating an archive from a file with an overly long pathname, which could let a malicious user execute arbitrary code.
A vulnerability has been reported due to insecure creation of temporary files when crontab is executed with the '-e' option, which could let a malicious user obtain sensitive information.
Fedora Update Notification,
FEDORA-2005-320, April 15, 2005
Fedora Update Notifications,
FEDORA-2005-
550 & 551,
July 12, 2005
RedHat Security Advisory, RHSA-2005:361-19, October 5, 2005
RedHat Security Advisory, RHSA-2006:0117-7, March 15, 2006
PEAR
PEAR::Auth 1.2.4 & prior to 1.3.0r4
Multiple unspecified SQL injection vulnerabilities have been reported due to insufficient sanitization , which could let a remote malicious user execute arbitrary SQL code.
Security Focus, Bugtraq ID: 16758, February 21, 2006
Gentoo Linux Security Advisory, GLSA 200603-13, March 17, 2006
Royal Institute of Technology
Heimdal prior to 0.6.6 & 0.7.2
A vulnerability has been reported in the 'rshd' server when storing forwarded credentials due to an unspecified error, which could let a malicious user obtain elevated privileges.
Security Tracker Alert ID: 1015591, February 7, 2006
Ubuntu Security Notice, USN-247-1, February 09, 2006
Debian Security Advisory,
DSA-977-1, February 16, 2006
SUSE Security Announcement, SUSE-SA:2006:011, February 24, 2006
Gentoo Linux Security Advisory, GLSA 200603-14, March 17, 2006
Sendmail Consortium
Sendmail prior to 8.13.6
A vulnerability has been reported due to a race condition caused by the improper handling of
asynchronous signals, which could let a remote malicious user execute arbitrary code.
A vulnerability has been reported because the default policy is set to trust all unknown capabilities instead of considering them as insecure, which could potentially let a malicious user bypass security restrictions.
Multiple Operating Systems - Windows/UNIX/Linux/Other
Vendor & Software Name
Description
Common Name
CVSS
Resources
1Web
Calendar
1WebCalendar 4.0
SQL injection vulnerabilities have been reported in 'viewEvent.cfm' due to insufficient sanitization of the 'EventID' parameter, in 'news/newsView.cfm' due to insufficient sanitization of the 'NewsID' parameter, and in 'mainCal.cfm' due to insufficient sanitization of the 'ThisDate' parameter, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited using a web client; however, a Proof of Concept exploit has been published.
1WebCalendar SQL Injection
Not Available
Secunia Advisory: SA19329, March 22, 2006
Adobe
Flash Player 8.0.22.0 and prior, Breeze Meeting Add-In 5.1 and prior, Shockwave Player 10.1.0.11 and prior, Flash Debug Player 7.0.14.0 and prior
A vulnerability has been reported in Flash Player that could let remote malicious users execute arbitrary code.
RedHat Security Advisory, RHSA-2006:0268-5, March 15, 2006
SUSE Security Announcement, SUSE-SA:2006:015, March 21, 2006
Gentoo Linux Security Advisory, GLSA-200603-20, March 21, 2006
BEA Systems, Inc.
WebLogic Express 6.x, 7.x, 8.x, WebLogic Server 6.x, 7.x, 8.x
Several vulnerabilities have been reported: a vulnerability was reported due to an error in the restriction of an unspecified internal servlet, which could let a remote malicious user with HTTP access obtain sensitive information; and a remote Denial of Service vulnerability was reported due to an error in the XML parser.
BEA Systems Security Advisories, BEA06-120.00 & BEA06-123.00, March 20, 2006
BEA Systems, Inc.
WebLogic Portal 8.1 , SP1-SP5, 8.0
A vulnerability has been reported in the JSR-168 Portlets because they are incorrectly rendered from the cache, which could let a remote malicious user obtain sensitive information.
Security Tracker Alert ID: 1015787, March 17, 2006
Contrexx
Contrexx 1.0.8, 1.0.7, 1.0.5, 1.0.4
A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through use of a web client; however, a Proof of Concept exploit has been published.
A vulnerability has been reported due to insufficient sanitization of the 'archive' parameter in a POST request or in a cookie, which could let a remote malicious user obtain sensitive information.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through use of a web client.
A buffer overflow vulnerability has been reported when parsing a URL that contains the TPTP protocol prefix 'tfpt://' due to a boundary error, which could let a remote malicious user cause a Denial of Service and possibly execute arbitrary code.
Gentoo Linux Security Advisory, GLSA 200603-19, March 21, 2006
Fedora Update Notification,
FEDORA-2006-189, March 21, 2006
Drupal
Drupal prior to 4.5.8 & 4.6.6
Multiple vulnerabilities have been reported: a vulnerability was reported when using 'menu.module' to create a menu item, which could let a remote malicious user bypass security restrictions; a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of unspecified input before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability was reported when handling sessions during login due to an error, which could let a remote malicious user hijack another user's session; and a vulnerability was reported due to insufficient sanitization of unspecified input before using in mail headers, which could let a remote malicious user inject arbitrary headers in outgoing mails.
Debian Security Advisory,
DSA-1007-1, March 17, 2006
Ext
Calendar
ExtCalendar 1.0
Cross-Site Scripting vulnerabilities have been reported in 'calendar.php' due to insufficient sanitization of the 'month,' 'year,' 'prev,' and 'next' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
This issue is reportedly addressed in ExtCalendar 2.0.
Vulnerabilities can be exploited through a web client; however, Proof of Concept exploits have been published.
A Cross-Site Scripting vulnerability has been reported in 'my.support.php3' due to insufficient sanitization of the 's' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through use of a web client; however, a Proof of Concept exploit has been published.
A buffer overflow vulnerability has been reported in the 'avcodec_default_get_buffer()' function of 'utils.c' due to a boundary error, which could let a remote malicious user execute arbitrary code.
Ubuntu Security Notice, USN-230-1, December 14, 2005
Mandriva Linux Security Advisories MDKSA-2005:228-232, December 15, 2005
Ubuntu Security Notice, USN-230-2, December 16, 2005
Gentoo Linux Security Advisory, GLSA 200602-01, February 5, 2006
Gentoo Linux Security Advisory, GLSA 200603-03, March 4, 2006
Debian Security Advisory,
DSA-992-1, March 10, 2006
Debian Security Advisories, DSA-1004-1 & DSA-1005-1, March 16, 2006
Free Articles Directory
Free Articles Directory
A file include vulnerability has been reported in 'index.php' due to insufficient verification of the 'page' parameter, which could let a remote malicious user execute arbitrary PHP code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through use of a web client.
Free Articles Directory Page Parameter Directory Remote File Include
Multiple vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'inc/setLang.php' due to insufficient sanitization of the 'lang' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; a vulnerability was reported in 'inc/setLang.php' due to insufficient sanitization of the 'lang' parameter before using in an 'include_once()' call, which could let a remote malicious user obtain sensitive information; and an SQL injection vulnerability was reported in 'admin/loginfunction.php' due to insufficient sanitization of the 'username' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Proof of Concept exploits and an exploit script, gCards-multiple-vulnerabilities.php, have been published.
Two script insertion vulnerabilities have been reported in 'zones.php' due to insufficient sanitization of the 'Name' and 'Description' fields when editing zones, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Currently we are not aware of any exploits for this vulnerability.
Invision Power Board 2.1.5 (before 2006-03-08) & prior for the 2.1.x branch
A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of unspecified input passed via the PM before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
Vulnerability can be exploited through a web client.
Invision Power Board PM Cross-Site Scripting
Not Available
Secunia Advisory: SA19299, March 22, 2006
Knowledge
basePublisher
Knowledge
basePublisher 1.2
A file include vulnerability has been reported in 'PageController.php' due to insufficient verification of the 'dir' parameter, which could let a remote malicious user execute arbitrary PHP code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through use of a web client; however, a Proof of Concept exploit script, KBPublisher-rfi-expl.pl, has been published.
SQL injection vulnerabilities have been reported in 'events.php' due to insufficient sanitization of the 'date' parameter and in 'menu.php' due to insufficient sanitization of the 'month' and 'year' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited using a web client.
SQL injection vulnerabilities have been reported in 'admin/index.php' due to insufficient sanitization of the 'email' and 'pass' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited using a web client.
SQL injection vulnerabilities have been reported in 'print.php' due to insufficient sanitization of the 'entry' parameter and in 'mail.php' due to insufficient sanitization of the 'email' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited using a web client.
Multiple input validation vulnerabilities have been reported: an SQL injection vulnerability was reported in 'auth.php' and 'logout.php' due to insufficient sanitization of the 'username' parameter and in 'chgpwd.php' due to insufficient sanitization of the 'USERNAME' and 'PASSWORD' cookie parameters, which could let a remote malicious user execute arbitrary SQL code; an SQL injection vulnerability was reported in 'admin/authuser.php' and 'admin/userstatistics.php' due to insufficient sanitization of the 'username,' 'password,' and 'filter' parameters, the 'teamname" parameter in 'admin/authgroup.php, and the 'date' and 'id' parameters in 'admin/traffic.php' before using in an SQL queries, which could let a remote malicious user execute arbitrary SQL code; and a Cross-Site Scripting vulnerability was reported in 'admin/userstatistics.php' due to insufficient sanitization of the 'username' parameter and in 'authuser.php' due to insufficient sanitization of 'ipAddress' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through use of a web client; however, a Proof of Concept script, Milkeyway-0.1.1.txt, has been published.
Several vulnerabilities have been reported: an input validation vulnerability was reported due to insufficient sanitization of the remote Bluetooth device name before using in a security dialog, which could let a remote malicious user trick users into accepting certain security dialogs; and a remote Denial of Service vulnerability has been reported when an overly long OBEX 'setpath()' is submitted via the OBEX File Transfer service if the attacker's device has been paired.
Vulnerability has reportedly been fixed by the vendor.
A Proof of Concept exploit has been published for the dialog spoofing vulnerability.
Motorola Cellular Phones Security Dialog Spoofing & Remote Denial of Service
Not Available
Secunia Advisory: SA19319, March 22, 2006
MusicBox
MusicBox 2.3 Beta 2
Multiple input validation vulnerabilities have been reported including Cross-Site Scripting and SQL injection due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML, script code and SQL code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through a web client; however, Proof of Concept exploits have been published.
A Cross-Site Scripting vulnerability has been reported in 'member.php' due to insufficient sanitization of the 'url' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
A Proof of Concept exploit.advisory-297.txt, has been published.
Novell Technical Information Document , TID2973435, March 16, 2006
Novell
Open Enterprise Server (OES) 0, Netware 6.5, SP1-SP4
Several vulnerabilities have been reported because 'NILE.NLM' allows clients to establish SSL connections that use no encryption or weak ciphers, which could let a malicious user bypass security restrictions.
Novell Technical Information Document, TID10100633, March 17, 2006
OSI Codes Inc.
PHP Live! 3.0
A Cross-Site Scripting vulnerability has been reported in 'Status_Image.PHP' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited using a web client; however, a Proof of Concept exploit has been published.
PHP Live! Cross-Site Scripting
Not Available
Security Focus, Bugtraq ID: 17184, March 22, 2006
OSWiki
OSWiki prior to 0.3.1
A vulnerability has been reported due to insufficient sanitization of the username before displaying, which could let a remote malicious user execute arbitrary HTML and script code.
An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'oxynews_comment_id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited with a web browser; however, a Proof of Concept exploit has been published.
A buffer overflow vulnerability has been reported when handling parameters received in an URL due to a boundary error, which could let a remote malicious user execute arbitrary code.
Gentoo Linux Security Advisory, GLSA 200603-17, March 21, 2005
PHP iCalendar
PHP iCalendar 2.2.1 & prior
Several vulnerabilities have been reported: a file include vulnerability was reported in the 'phpicalendar' cookie due to insufficient verification of the 'cookie_language' and 'cookie_style' parameters, which could let a remote malicious user include arbitrary files; and a file upload vulnerability was reported due to insufficient access controls to the calendar upload directory, which could let a remote malicious user execute arbitrary PHP code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proof of Concept exploit scripts, php_ical_2.2.1_
local_file_include.php and php-iCalendar-221.upload.php, have been published.
Security Focus, Bugtraq IDs: 17125 & 17129, March 16, 2006
Php
Outsourcing
Noah's Classifieds 1.3 & prior
Cross-Site Scripting vulnerabilities have been reported in 'index.php' due to insufficient sanitization of user -supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
There is no exploit code required; however, Proof of Concept exploits have been published.
A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'set_theme' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited with a web browser; however, a Proof of Concept exploit has been published.
SQL injection vulnerabilities have been reported in 'article.php' and 'friend.php' due to insufficient sanitization of the 'sid' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerabilities can be exploited through a web client; however, Proof of Concept exploits have been published.
A vulnerability has been reported due to insufficient sanitization of 'SITE' command parameters, which could let a remote malicious user execute arbitrary commands.
Security Focus, Bugtraq ID: 14935 , September 26, 2005
Debian Security Advisory,
DSA-1006-1, March 16, 2006
Skull-Splitter
Skull-Splitter Download Counter for Wallpapers 1.0
An SQL injection vulnerability has been reported in 'count.php' due to insufficient sanitization of the 'count_fieldname,' 'url_fieldname,' and 'url' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client.
Skull-Splitter Download Counter for Wallpapers SQL Injection
A Cross-Site Scripting vulnerability has been reported in 'guestbook.php' due to insufficient sanitization of the 'url' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited with a web browser.
An SQL injection vulnerability has been reported in 'reg.php' due to insufficient sanitization of the 'mail' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, softbb_poc.py, has been published.
A Cross-Site Scripting vulnerability has been reported in the Research Module due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
The vendor has addressed this issue in the source.
Vulnerability can be exploited with a web browser.
A script insertion vulnerability has been reported due to insufficient sanitization of unspecified input, which could let a remote malicious user execute arbitrary HTML and script code.
InterScan Messaging Security Suite 5.5 build 1183.
A vulnerability has been reported in the 'ISNTSmtp' subdirectory due to insecure default permissions, which could let a malicious user obtain elevated privileges.
Update to version 5.7.0.1121 or later.
Currently we are not aware of any exploits for this vulnerability.
InterScan Messaging Security Suite Insecure Default Directory Permissions
Not available
Secunia Advisory: SA19022, March 22, 2006
VeriSign
MPKI 6.0
A Cross-Site Scripting vulnerability has been reported in 'haydn.exe' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited with a web browser; however, a Proof of Concept exploit has been published.
A Cross-Site Scripting vulnerability has been reported in 'Class_DB_MySQL.PHP' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code.
No workaround or patch available at time of publishing.
Vulnerability can be exploited using a web client; however, a Proof of Concept exploit has been published.
Mobiles help knowledge workers most: According to a report from the Centre for Economic and Business Research (CEBR), mobile phones increased the productivity of workers by nearly one percent in 2004. According to the report, mobile phones enabled staff to save about 20 minutes per day. However, the research also found that benefits were largely concentrated in the hands of two million mobile knowledge workers. These tend to be professionals who make heavy use of mobiles to keep in touch with customers and colleagues while traveling.
This section contains brief summaries and links to articles which discuss or present
information pertinent to the cyber security community.
Multiple Vulnerabilities in Adobe Macromedia Flash: US-CERT is aware of several vulnerabilities in Adobe Macromedia Flash products. A system may be compromised if a user accesses a web page that references a specially crafted Flash (SWF) file.
FaceTime identifies new IM botnet threat: A new threat has been identified by research experts at FaceTime Security Labs(TM) that affects instant messaging (IM) applications. Acting on an anonymous tip, they uncovered two "botnet" networks that collectively represent up to 150,000 compromised computers. One is used as a vehicle to fraudulently scan desktop and back-end systems to obtain credit card numbers, bank accounts, and personal information including log-ins and passwords.
Crimeware, Trojan redirector targeting more than 100 banks: Websense® Security Labs™ has received reports of a Trojan Horse that is targeting users of more than 100 financial institutions in the United States and Europe. The malicious code checks to see if there is an active window open (either "my computer" or Internet Explorer). If one of these applications is not open, the malicious code modifies the contents of the hosts file on the local machine with a list of sites all pointing to localhost (127.0.0.1). If either of these applications is open, the malicious code performs a DNS lookup to a DNS server hosted in Russia and receives an address for a website.
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
Rank
Common Name
Type of Code
Trend
Date
Description
1
Netsky-P
Win32 Worm
Stable
March 2004
A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folder.
2
Zafi-B
Win32 Worm
Stable
June 2004
A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names.
3
Lovgate.w
Win32 Worm
Stable
April 2004
A mass-mailing worm that propagates via by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network.
4
Mytob-GH
Win32 Worm
Stable
November 2005
A variant of the mass-mailing worm that disables security related programs and allows other to access the infected system. This version sends itself to email addresses harvested from the system, forging the sender’s address.
5
Netsky-D
Win32 Worm
Stable
March 2004
A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only.
6
Mytob-AS
Win32 Worm
Stable
June 2005
A slight variant of the mass-mailing worm that disables security related programs and processes, redirection various sites, and changing registry values. This version downloads code from the net and utilizes its own email engine.
7
Sober-Z
Win32 Worm
Stable
December 2005
This worm travels as an email attachment, forging the senders address, harvesting addresses from infected machines, and using its own mail engine. It further download code from the internet, installs into the registry, and reduces overall system security.
8
Mytob.C
Win32 Worm
Stable
March 2004
A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files.
9
Zafi-D
Win32 Worm
Stable
December 2004
A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer.
10
Mytob-BE
Win32 Worm
Stable
June 2005
A slight variant of the mass-mailing worm that utilizes an IRC backdoor, LSASS vulnerability, and email to propagate. Harvesting addresses from the Windows address book, disabling antivirus, and modifying data.